PT-2010-4255 · Microsoft · Windows Vista+4
Published
2010-09-07
·
Updated
2024-06-24
·
CVE-2010-2739
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft Windows XP SP3
Microsoft Windows Server 2003 R2 Enterprise SP2
Microsoft Windows Vista Business SP1
Microsoft Windows 7
Microsoft Windows Server 2008 SP2
Description
The issue is related to a buffer overflow in the CreateDIBPalette function in win32k.sys, which allows local users to cause a denial of service (crash) and possibly execute arbitrary code. This can be achieved by performing a clipboard operation with a crafted bitmap that contains a large number of colors, utilizing the GetClipboardData API function.
Recommendations
For Microsoft Windows XP SP3, update to a newer version to mitigate the risk.
For Microsoft Windows Server 2003 R2 Enterprise SP2, update to a newer version to mitigate the risk.
For Microsoft Windows Vista Business SP1, update to a newer version to mitigate the risk.
For Microsoft Windows 7, update to a newer version to mitigate the risk.
For Microsoft Windows Server 2008 SP2, update to a newer version to mitigate the risk.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Windows 7
Windows Server 2003
Windows Server 2008
Windows Vista
Windows Xp